Social Engineering Attacks Resulted in Compromise of Morgan Stanley Client Accounts

Morgan Stanley’s wealth and asset management subsidiary, Morgan Stanley Wealth Management, says that social engineering attacks have compromised some of its customers’ accounts. The accounts were breached through vishing (also known as voice phishing), a social engineering attack in which scammers impersonate a reputable business (in this case Morgan Stanley) over the phone to persuade their targets to reveal or hand over sensitive information such as banking or login credentials.

According to a notification sent to impacted clients, a threat actor impersonating Morgan Stanley gained access to their accounts “on or around February 11, 2022” after deceiving them into submitting their Morgan Stanley Online account information. After successfully compromising the accounts, the attacker used the Zelle payment tool to initiate electronic transfers of funds to their own bank account.

“As you are aware, on or around February 11, 2022, you were contacted by a bad actor claiming to be with Morgan Stanley,” the alert reads. “The bad actor was able to obtain information relating to your Morgan Stanley Online account, subsequently accessing this account and initiating unauthorized Zelle payments.” According to a Morgan Stanley spokesperson, “there was no data breach or information leak from Morgan Stanley.”

The Morgan Stanley subsidiary also stated that all impacted clients’ accounts had been deactivated, adding that its systems “remain secure.” To protect against vishing and other kinds of social engineering fraud, Morgan Stanley advises consumers not to take calls from numbers they don’t recognize.

According to the company, you must also be cautious when giving out personal information over the phone. Make sure the individual requesting information is from a credible organization and is who they say they are. You can always hang up and contact the company again using a phone number obtained from a reliable source, such as the company’s official website or a financial statement.

Morgan Stanley announced a data breach in July 2021 when the Clop ransomware gang hacked into the Accellion FTA server of Guidehouse, one of Morgan Stanley’s third-party providers, and stole personal information belonging to its clients. Morgan Stanley is a significant investment banking and global financial services corporation based in the United States that offers investment banking, securities, wealth management, and investment management services across the world.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.